Mitigating risk is a day-to-day aspect of working in the Alternative Investment sector.
Despite the alarmist tone of some of the reports in the media, cyber risk has become simply one more risk – albeit an extremely important one – that has to be expertly and pro-actively managed by any company doing business in the twenty-first century.
Alternative Investment firms have their own unique set of challenges. Whether dealing with private equity, hedge funds or venture capital, the nature of the business involves large money transfers, big funding pools, and highly sensitive customer information, an irresistible combination to cyber criminals. The potential for theft is just the start; the reputational harm can be even more damaging.
A question of when.
The increasing incidence and sophistication of cyber crime, exacerbated by remote working, has resulted in a spate of high profile cases of data breach.
In January, The Guardian newspaper confirmed it had been hit by a “highly sophisticated cyber attack” in December, during which the personal data of UK staff members was compromised. In February, The U.S. Federal Bureau of Investigation confirmed that it was investigating malicious cyber activity on its network after CNN reported that hackers had compromised an FBI computer system at the agency’s New York field office. The FBI confirmed in a statement that they had contained an isolated incident but that an investigation was continuing.
In July 2021, Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under management was targeted by a ransomware attack in which personal information on private investors was stolen from servers before it was encrypted. The stolen information was believed to include names, email addresses, phone numbers and Social Security numbers of up to 300 people.
Safeguarding Sensitive Information.
Considering the prevalence of such cases and the rate at which cyber crime is evolving, it’s understandable that there is a lot of confusion about how best to protect your business and your clients’ sensitive information.
As 80% of our clients are in the Alternative Investment sector, we are constantly asked about how to develop and maintain the best possible Cyber Security Plan and Strategy for companies in this specialised financial sector.
There are a few things that we would recommend including:
Carry out a Cyber Security assessment.
This will audit not just your technology but also the policies and procedures surrounding the technology, to compare to industry best practices. You need to view your IT infrastructure as a criminal would – where are the weak spots? And what would be the most lucrative aspects of the system to target? Your MSP can work in partnership with you to develop a robust, flexible asset management plan that:
- improves visibility across your entire cyber security framework
- involves a comprehensive, multi-faceted approach combining a mixture of security solutions such as encryption and patch management with robust processes, backup and reporting
- prioritises budget for your most important, commercially sensitive information assets.
Conduct Cyber Security Staff Training.
You can have the best IT Partner in the world, but it only takes one staff member clicking on a suspicious e-mail link to let hackers in. A massive 90% of successful cyber attacks are a result of action by an end-user within the business, underlying how crucial it is for businesses to prioritise staff training. Employees who have undergone cyber security training are more likely to: understand the importance of complying with software updates; guide other staff members away from risky practices; and raise an alert quickly if something doesn’t seem quite right.
At Tribeca, we offer best-in-class cyber security training to empower staff to identify cyber attacks and stop breaches before they happen.
In addition, we recently launched the Tribeca Trust Centre so that our clients can have absolute confidence we are maintaining the highest certified standard in Information Security, including compliance with strict annual audits.